# coding: utf-8
from django.shortcuts import render
from django.shortcuts import render_to_response
from django.db.models import Q
from django.template import RequestContext

from jd_oss.tools import *
from jd_user.tools import *

import random
from Crypto.PublicKey import RSA
import crypt


class AddError(Exception):
    pass


# @require_role('user')
def profile(request):
    user_id = request.user.id
    if not user_id:
        return HttpResponseRedirect(reverse('index'))

    return my_render('juser/profile.html', locals(), request)



# @require_role(role='super')
def user_add(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '添加用户', '用户管理', '添加用户'


    dep_list = { d['cn']:d['description']
                 for d in UserTools.get_all('dep')}
    grp_list = { g['cn']:g['description']
                 for g in UserTools.get_all('grp')}

    if request.method == 'POST':
        username = request.POST.get('username', '')
        displayName = request.POST.get('displayName', '')
        password = gen_rand_pwd(16)
        email = request.POST.get('email', '')
        groups = request.POST.getlist('group_selected', [])
        departments = request.POST.getlist('department_selected', [])
        extra = request.POST.getlist('extra', [])
        is_active = False if '0' in extra else True
        send_mail_need = True if '1' in extra else False
        uid_num = UserTools.gen_uidNumber1()

        logger.debug('password : ' + password)
        sha512_pwd = gen_sha512(gen_rand_pwd(6),password)
        logger.debug('password_sha512 :' + sha512_pwd)

        user_attrs =  {'cn': [str(username)],
                       'displayName': [displayName.encode('utf-8')],
                       'gidNumber': [str(uid_num)],
                    #    'givenName': [''],
                       'homeDirectory': ['/home/%s' % str(username)],
                       'jpegPhoto': [''],
                       'l': ['Shanghai'],
                       'loginShell': ['/bin/bash'],
                       'mail': [str(email)],
                       'o': ['jidong'],
                       'objectClass': ['posixAccount', 'top', 'inetOrgPerson', 'shadowAccount'],
                       'shadowExpire': ['99999'],
                       'shadowFlag': ['0'],
                       'shadowInactive': ['99999'],
                       'shadowLastChange': ['12011'],
                       'shadowMax': ['99999'],
                       'shadowMin': ['0'],
                       'shadowWarning': ['0'],
                       'sn': [str(username)],
                    #    'telephoneNumber': [''],
                       'uid': str(username),
                       'uidNumber': [str(uid_num)],
                       'userPassword': ['{CRYPT}' + sha512_pwd]
                      }
        try:
            if '' in [username, password, displayName, email, groups, departments]:
                error = u'带*内容不能为空'
                raise ServerError

            user_is_exist = UserTools.get_user(username)
            if user_is_exist:
                error = u'用户 %s 已存在' % username
                raise ServerError
        except ServerError:
            pass
        else:
            try:
                # 真正开始处理添加用户
                UserTools.add_user(user_attrs)
                logger.debug(u"添加用户 [ %s ]" % username)
                # 处理组关系
                if groups:
                    logger.debug(u"为用户 [ %s ] 添加用户组" % username)
                    map(lambda g:UserTools.add_user_to_group(username,g),groups)
                # 部门关系
                if departments:
                    logger.debug(u"为用户 [ %s ] 添加部门" % username)
                    map(lambda d:UserTools.add_user_to_dep(username,d),departments)
                # 禁用用户
                if not is_active:
                    logger.debug(u"禁用 [ %s ] 用户" % username)
                    UserTools.add_user_to_django(username,'disabled')
                UserTools.add_user_to_django(username,'active')

                msg = u"添加用户 %s 成功. " % username

                # 邮件通知：
                if send_mail_need:
                    mail_msg = u"""你好,%s.你的账号已开通：
        用户名： %s
        密码： %s
        邮箱:  %s

        该邮件由系统自动发送,请勿回复.
                                """ % (
                                displayName,
                                username,
                                password,
                                email
                                )
                    send_mail_to(email,u"账号创建通知",mail_msg)


            except Exception,e:
                error += u'用户 [%s]  添加失败 ,清除该用户信息' % username
                logger.error(e)
                logger.error(e.message)
                logger.error(error)
                logger.debug(locals())
                # 清理用户信息
                UserTools.delete_user(username)

    return my_render('juser/user_add.html', locals(), request)


# @require_role(role='super')
def user_list(request):
    header_title, path1, path2 = '查看用户', '账号管理', '用户列表'
    keyword = request.GET.get('keyword', '')

    dep_list = {}
    grp_list = {}
    sts_list = {}

    user_list = UserTools.get_user('*')

    for user in user_list:
        username = user["uid"]
        user_deps = UserTools.get_user_dep(username)
        user_grps = UserTools.get_user_group(username)
        is_superuser = UserTools.is_member_of_group('superuser',username)
        is_active = UserTools.is_member_of_group('active',username)

        dep_list[username] = user_deps.values()
        grp_list[username] = user_grps.values()
        sts_list[username] = [is_superuser,is_active]

    if keyword:
        user_list = user_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('username')

    # 所有对象， 分页器， 本页对象， 所有页码， 本页页码，是否显示第一页，是否显示最后一页
    user_list, p, users, page_range, current_page, show_first, show_end = pages(user_list, request)

    return my_render('juser/user_list.html', locals(), request)

# @require_role(role='super')
def group_add(request):
    """
    group add view for route
    添加用户组的视图
    """
    error = ''
    msg = ''
    header_title, path1, path2 = '添加用户组', '用户管理', '添加用户组'
    user_all = User.objects.all()

    if request.method == 'POST':
        group_name = request.POST.get('group_name', '')
        users_selected = request.POST.getlist('users_selected', '')
        comment = request.POST.get('comment', '')

        try:
            if not group_name:
                error = u'组名 不能为空'
                raise ServerError(error)

            if UserGroup.objects.filter(name=group_name):
                error = u'组名已存在'
                raise ServerError(error)
            db_add_group(name=group_name, users_id=users_selected, comment=comment)
        except ServerError:
            pass
        except TypeError:
            error = u'添加小组失败'
        else:
            msg = u'添加组 %s 成功' % group_name

    return my_render('juser/group_add.html', locals(), request)


# @require_role(role='super')
def group_list(request):
    """
    list user group
    用户组列表
    """
    header_title, path1, path2 = '查看用户组', '用户管理', '查看用户组'
    keyword = request.GET.get('search', '')
    user_group_list = UserGroup.objects.all().order_by('name')
    group_id = request.GET.get('id', '')

    if keyword:
        user_group_list = user_group_list.filter(Q(name__icontains=keyword) |
                                                 Q(comment__icontains=keyword))

    if group_id:
        user_group_list = user_group_list.filter(id=int(group_id))

    user_group_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_group_list, request)
    return my_render('juser/group_list.html', locals(), request)


# @require_role(role='super')
def group_del(request):
    """
    del a group
    删除用户组
    """
    group_ids = request.GET.get('id', '')
    group_id_list = group_ids.split(',')
    for group_id in group_id_list:
        UserGroup.objects.filter(id=group_id).delete()

    return HttpResponse('删除成功')


# @require_role(role='super')
def group_edit(request):
    error = ''
    msg = ''
    header_title, path1, path2 = '编辑用户组', '用户管理', '编辑用户组'

    if request.method == 'GET':
        group_id = request.GET.get('id', '')
        user_group = get_object(UserGroup, id=group_id)
        # user_group = UserGroup.objects.get(id=group_id)
        users_selected = User.objects.filter(group=user_group)
        users_remain = User.objects.filter(~Q(group=user_group))
        users_all = User.objects.all()

    elif request.method == 'POST':
        group_id = request.POST.get('group_id', '')
        group_name = request.POST.get('group_name', '')
        comment = request.POST.get('comment', '')
        users_selected = request.POST.getlist('users_selected')

        try:
            if '' in [group_id, group_name]:
                raise ServerError('组名不能为空')

            if len(UserGroup.objects.filter(name=group_name)) > 1:
                raise ServerError(u'%s 用户组已存在' % group_name)
            # add user group
            user_group = get_object_or_404(UserGroup, id=group_id)
            user_group.user_set.clear()

            for user in User.objects.filter(id__in=users_selected):
                user.group.add(UserGroup.objects.get(id=group_id))

            user_group.name = group_name
            user_group.comment = comment
            user_group.save()
        except ServerError, e:
            error = e

        if not error:
            return HttpResponseRedirect(reverse('user_group_list'))
        else:
            users_all = User.objects.all()
            users_selected = User.objects.filter(group=user_group)
            users_remain = User.objects.filter(~Q(group=user_group))

    return my_render('juser/group_edit.html', locals(), request)





# @require_role(role='user')
def user_detail(request):
    header_title, path1, path2 = '用户详情', '用户管理', '用户详情'
    if request.session.get('role_id') == 0:
        user_id = request.user.id
    else:
        user_id = request.GET.get('id', '')

    user = get_object(User, id=user_id)
    if not user:
        return HttpResponseRedirect(reverse('user_list'))

    user_perm_info = get_group_user_perm(user)
    role_assets = user_perm_info.get('role')
    user_log_ten = Log.objects.filter(user=user.username).order_by('id')[0:10]
    user_log_last = Log.objects.filter(user=user.username).order_by('id')[0:50]
    user_log_last_num = len(user_log_last)

    return my_render('juser/user_detail.html', locals(), request)


# @require_role(role='admin')
def user_del(request):
    if request.method == "GET":
        user_ids = request.GET.get('id', '')
        user_id_list = user_ids.split(',')
    elif request.method == "POST":
        user_ids = request.POST.get('id', '')
        user_id_list = user_ids.split(',')
    else:
        return HttpResponse('错误请求')

    for user_id in user_id_list:
        user = get_object(User, id=user_id)
        if user and user.username != 'admin':
            logger.debug(u"删除用户 %s " % user.username)
            server_del_user(user.username)
            user.delete()
    return HttpResponse('删除成功')


# @require_role('admin')
def send_mail_retry(request):
    uuid_r = request.GET.get('uuid', '1')
    user = get_object(User, uuid=uuid_r)
    msg = u"""
    跳板机地址： %s
    用户名：%s
    重设密码：%s/juser/password/forget/
    请登录web点击个人信息页面重新生成ssh密钥
    """ % (URL, user.username, URL)

    try:
        send_mail(u'邮件重发', msg, MAIL_FROM, [user.email], fail_silently=False)
    except IndexError:
        return Http404
    return HttpResponse('发送成功')


@defend_attack
def forget_password(request):
    if request.method == 'POST':
        defend_attack(request)
        email = request.POST.get('email', '')
        username = request.POST.get('username', '')
        name = request.POST.get('name', '')
        user = get_object(User, username=username, email=email, name=name)
        if user:
            timestamp = int(time.time())
            hash_encode = PyCrypt.md5_crypt(str(user.uuid) + str(timestamp) + KEY)
            msg = u"""
            Hi %s, 请点击下面链接重设密码！
            %s/juser/password/reset/?uuid=%s&timestamp=%s&hash=%s
            """ % (user.name, URL, user.uuid, timestamp, hash_encode)
            send_mail('忘记跳板机密码', msg, MAIL_FROM, [email], fail_silently=False)
            msg = u'请登陆邮箱，点击邮件重设密码'
            return http_success(request, msg)
        else:
            error = u'用户不存在或邮件地址错误'

    return render_to_response('juser/forget_password.html', locals())


@defend_attack
def reset_password(request):
    uuid_r = request.GET.get('uuid', '')
    timestamp = request.GET.get('timestamp', '')
    hash_encode = request.GET.get('hash', '')
    action = '/juser/password/reset/?uuid=%s&timestamp=%s&hash=%s' % (uuid_r, timestamp, hash_encode)

    if hash_encode == PyCrypt.md5_crypt(uuid_r + timestamp + KEY):
        if int(time.time()) - int(timestamp) > 600:
            return http_error(request, u'链接已超时')
    else:
        return HttpResponse('hash校验失败')

    if request.method == 'POST':
        password = request.POST.get('password')
        password_confirm = request.POST.get('password_confirm')
        print password, password_confirm
        if password != password_confirm:
            return HttpResponse('密码不匹配')
        else:
            user = get_object(User, uuid=uuid_r)
            if user:
                user.password = PyCrypt.md5_crypt(password)
                user.save()
                return http_success(request, u'密码重设成功')
            else:
                return HttpResponse('用户不存在')

    else:
        return render_to_response('juser/reset_password.html', locals())

    return http_error(request, u'错误请求')


# @require_role(role='super')
def user_edit(request):
    header_title, path1, path2 = '编辑用户', '用户管理', '编辑用户'
    if request.method == 'GET':
        user_id = request.GET.get('id', '')
        if not user_id:
            return HttpResponseRedirect(reverse('index'))

        user_role = {'SU': u'超级管理员', 'CU': u'普通用户'}
        user = get_object(User, id=user_id)
        group_all = UserGroup.objects.all()
        if user:
            groups_str = ' '.join([str(group.id) for group in user.group.all()])
            admin_groups_str = ' '.join([str(admin_group.group.id) for admin_group in user.admingroup_set.all()])

    else:
        user_id = request.GET.get('id', '')
        password = request.POST.get('password', '')
        name = request.POST.get('name', '')
        email = request.POST.get('email', '')
        groups = request.POST.getlist('groups', [])
        role_post = request.POST.get('role', 'CU')
        admin_groups = request.POST.getlist('admin_groups', [])
        extra = request.POST.getlist('extra', [])
        is_active = True if '0' in extra else False
        email_need = True if '1' in extra else False
        user_role = {'SU': u'超级管理员', 'GA': u'部门管理员', 'CU': u'普通用户'}

        if user_id:
            user = get_object(User, id=user_id)
        else:
            return HttpResponseRedirect(reverse('user_list'))

        db_update_user(user_id=user_id,
                       password=password,
                       name=name,
                       email=email,
                       groups=groups,
                       admin_groups=admin_groups,
                       role=role_post,
                       is_active=is_active)

        if email_need:
            msg = u"""
            Hi %s:
                您的信息已修改，请登录跳板机查看详细信息
                地址：%s
                用户名： %s
                密码：%s (如果密码为None代表密码为原密码)
                权限：：%s

            """ % (user.name, URL, user.username, password, user_role.get(role_post, u''))
            send_mail('您的信息已修改', msg, MAIL_FROM, [email], fail_silently=False)

        return HttpResponseRedirect(reverse('user_list'))
    return my_render('juser/user_edit.html', locals(), request)




def change_info(request):
    header_title, path1, path2 = '修改信息', '用户管理', '修改个人信息'
    user_id = request.user.id
    user = User.objects.get(id=user_id)
    error = ''
    if not user:
        return HttpResponseRedirect(reverse('index'))

    if request.method == 'POST':
        name = request.POST.get('name', '')
        password = request.POST.get('password', '')
        email = request.POST.get('email', '')

        if '' in [name, email]:
            error = '不能为空'

        if not error:
            User.objects.filter(id=user_id).update(name=name, email=email)
            if len(password) > 0:
                user.set_password(password)
                user.save()
            msg = '修改成功'

    return my_render('juser/change_info.html', locals(), request)


# @require_role(role='user')
def regen_ssh_key(request):
    uuid_r = request.GET.get('uuid', '')
    user = get_object(User, uuid=uuid_r)
    if not user:
        return HttpResponse('没有该用户')

    username = user.username
    ssh_key_pass = PyCrypt.gen_rand_pass(16)
    gen_ssh_key(username, ssh_key_pass)
    return HttpResponse('ssh密钥已生成，密码为 %s, 请到下载页面下载' % ssh_key_pass)


# @require_role(role='user')
def down_key(request):
    if is_role_request(request, 'super'):
        uuid_r = request.GET.get('uuid', '')
    else:
        uuid_r = request.user.uuid
    if uuid_r:
        user = get_object(User, uuid=uuid_r)
        if user:
            username = user.username
            private_key_file = os.path.join(KEY_DIR, 'user', username+'.pem')
            print private_key_file
            if os.path.isfile(private_key_file):
                f = open(private_key_file)
                data = f.read()
                f.close()
                response = HttpResponse(data, content_type='application/octet-stream')
                response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(private_key_file)
                if request.user.role == 'CU':
                    os.unlink(private_key_file)
                return response
    return HttpResponse('No Key File. Contact Admin.')
